VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
Posted by deepcore on April 27, 2021 – 11:52 pm
This Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the /casa/private/config/slice/ha/certificate endpoint. Code execution occurs as the “admin” Unix user.
Post a reply
You must be logged in to post a comment.